
Boot Configuration Tampering Via Bcdedit.EXE

Sigma Rules

Summary
This detection rule identifies unauthorized alterations to the Windows Boot Configuration Data (BCD) made with the bcdedit command-line utility. bcdedit (Boot Configuration Data Editor) is the built-in tool for modifying the system's boot configuration; attackers abuse it to disable security features, turn off recovery options, or stage malicious payloads that execute during system startup. This behavior is recognized as a precursor to more damaging attacks, such as ransomware deployment. The rule captures the specific command-line arguments that indicate an intent to tamper with boot settings and flags them for further investigation. The selection criteria require the presence of 'set' in the command line together with parameters that alter the boot policy or the recovery settings. Given the severity of the potential impact of these activities, the rule is classified at a high level.
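The following is an added example, not code from the rule page or the Sigma project, that reproduces the selection logic described above as a matcher over process-creation events. It assumes events are dictionaries with Sigma's process_creation field names (Image, CommandLine) and that the "boot policy" and "recovery settings" parameters the summary refers to are bcdedit's bootstatuspolicy and recoveryenabled options; the sample events are constructed for the example.

```python
"""
Added example (not part of the Sigma rule page): a minimal matcher that
reproduces the rule's selection logic over process-creation events.

Assumptions (not stated on the page):
  * events are dicts keyed like Sigma's process_creation logsource
    ('Image', 'CommandLine', optionally 'ParentImage');
  * the "boot policy" and "recovery settings" parameters the summary
    mentions are bcdedit's real 'bootstatuspolicy' and 'recoveryenabled'
    options, with the values that disable automatic recovery.
"""
import re

# Parameters that count as tampering when combined with a 'set' verb.
# These are genuine bcdedit option names; the value choice is the
# assumption noted above.
TAMPER_PATTERNS = [
    re.compile(r"\bbootstatuspolicy\b\s+ignoreallfailures\b", re.IGNORECASE),
    re.compile(r"\brecoveryenabled\b\s+no\b", re.IGNORECASE),
]

# The 'set' verb, written as '/set' or '-set' (or bare 'set'), at a token boundary.
SET_PATTERN = re.compile(r"(?:^|\s)[/-]?set\b", re.IGNORECASE)


def is_bcdedit_tampering(event: dict) -> bool:
    """Return True when an event matches the rule's selection criteria.

    All three conditions must hold: the process image is bcdedit.exe,
    the command line carries the 'set' verb, and at least one of the
    boot-policy / recovery parameters is present.
    """
    image = event.get("Image", "")
    cmd = event.get("CommandLine", "")
    if not image.lower().endswith("\\bcdedit.exe"):
        return False
    if not SET_PATTERN.search(cmd):
        return False
    return any(p.search(cmd) for p in TAMPER_PATTERNS)


def find_tampering(events):
    """Filter a list of process-creation events down to rule matches."""
    return [e for e in events if is_bcdedit_tampering(e)]


# Constructed sample events: two true positives and three benign lookalikes.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} bootstatuspolicy ignoreallfailures",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit.exe /set {default} recoveryenabled No"},
    # Enumeration only: no 'set' verb, must not match.
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /enum"},
    # 'set' is present but the parameter is not a tamper parameter.
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": 'bcdedit /set {default} description "Windows 10"'},
    # Matching text in the command line but a different image.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c echo set recoveryenabled no"},
]


if __name__ == "__main__":
    for hit in find_tampering(SAMPLE_EVENTS):
        print("MATCH:", hit["CommandLine"])
```

Running the block prints only the first two sample command lines. The image check and the 'set' requirement are what keep the rule from firing on read-only bcdedit enumeration or on unrelated processes that merely echo similar text, which is the usual source of false positives for command-line-based rules.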
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
  • Windows Registry
ATT&CK Techniques
  • T1490
Created: 2019-10-24